PCI Compliance and Cloud Security:
Frequently Asked Questions
Gilad Parann-Nissany, co-
founder at Porticor Cloud
Security
• How do I generate strong encryption keys?
• Can my cloud provider read my data?
• What is “split knowledge” and why is i...
How do I generate strong encryption keys?
Encryption keys must be of sufficient length and totally
random. Make sure your ...
Can my cloud provider read my data?
If your cloud provider has
control over the
encryption keys, your data can
be seen by ...
What is “split knowledge” and why is it
important?
Split knowledge is needed first and foremost to split the
(encryption k...
What is Porticor® Virtual Private Data™ System?
• The industry’s first
cloud encryption and key
management system that doe...
For more information on PCI compliance and
cloud security, visit our website
http://www.porticor.com
Upcoming SlideShare
Loading in …5
×

PCI Compliance and Cloud Security: Frequently Asked Questions

271 views

Published on

Answers to frequently asked questions about PCI compliance and cloud security. For more information, see http://www.porticor.com

Published in: Technology, Business
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
271
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
7
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide
  • www.porticor.com © PORTICOR 2009, 2010
  • PCI Compliance and Cloud Security: Frequently Asked Questions

    1. 1. PCI Compliance and Cloud Security: Frequently Asked Questions Gilad Parann-Nissany, co- founder at Porticor Cloud Security
    2. 2. • How do I generate strong encryption keys? • Can my cloud provider read my data? • What is “split knowledge” and why is it important? • What is Porticor® Virtual Private Data™ System?
    3. 3. How do I generate strong encryption keys? Encryption keys must be of sufficient length and totally random. Make sure your encryption provider gives you tools to generate these keys, under your complete control.
    4. 4. Can my cloud provider read my data? If your cloud provider has control over the encryption keys, your data can be seen by the company. But if you keep the keys private, the data is fully protected. Find an encryption key management solution completely outside the control of the cloud provider.
    5. 5. What is “split knowledge” and why is it important? Split knowledge is needed first and foremost to split the (encryption keys) knowledge between the cloud provider/security vendor, and the enterprise. This is best done by utilizing techniques such as split-key management and homomorphic encryption of keys. An example for such a system is Porticor’s Virtual Private Data.
    6. 6. What is Porticor® Virtual Private Data™ System? • The industry’s first cloud encryption and key management system that does not sacrifice trust • The only solution that solves the unaddressed challenge of securely storing keys in the cloud • No changes required on the application servers • Encrypts the entire data level (databases, file servers, distributed storage, virtual disks)
    7. 7. For more information on PCI compliance and cloud security, visit our website http://www.porticor.com

    ×